Microsoft Exchange Email on Linux
Employers and universities are fond of using Microsoft Exchange/Office 365/Outlook as an email provider. And, because Microsoft is Microsoft, these services do not support standard IMAP/POP/SMTP interfaces. This makes accessing email from a desktop client on Linux a royal pain. However; it is possible to do. There are a few approaches for connecting a Microsoft email account to a Linux client, and in this article I will discuss two of them.
Evolution EWS
By far the easiest way to go is to use the EWS plugin for the Evolution email client. This is quick and easy, but only works with Evolution. [1] If you'd rather use a different email client, skip ahead to the next part. Otherwise, read on!
The plugin isn't usually packaged with Evolution, so you'll first need to install the standalone package. On Ubuntu the command for this is,
sudo apt install evolution-ews
Once the plugin is installed, launch Evolution and go to Edit->Accounts->Add->Mail Account in the toolbar. Then click next, enter your name and email address into the dialog, uncheck "Look up mail server details..." and click next again. On the next screen, select "Exchange Web Services" under the Server Type drop-down menu. "Exchange Web Services" won't appear as an option until the evolution-ews package has been installed.
The host URL will be auto-populated with a "default" URL for your domain, based on your email address, which may or may not work depending on how your organization has configured their Exchange setup. You may as well give it a shot--click the "Fetch URL" button. It may prompt you for a password (several times in a row, in my experience). If it works, the OAB URL field should be populated.
More often than not, though, this default URL will not work. If this is the case, try using this one instead,
https://outlook.office365.com/EWS/Exchange.asmx
Once the OAB URL has been populated, click through the rest of the settings, and you should be good to go!
A more "Linuxy" solution: DavMail
In September of this year, Microsoft disabled Basic Authentication,which was the default authentication method used by DavMail. DavMail still works, but it requires a few extra steps to authenticate than were originally included in this article. I've added an update to thisarticle at the relevant point describing the new process.
If you're happy with Evolution, then the plugin above should be all you need. But, if you'd like to use any other email client, then you'll need a different approach. Luckily, there is a program called DavMail that will allow us to access Microsoft email from a wide variety of different email clients.
DavMail is a standalone server that converts Microsoft's proprietary email protocols into standard IMAP and SMTP. So, rather than connecting our email client to Exchange directly, we will use DavMail as an intermediary. Our email client will connect to DavMail over IMAP/SMTP interfaces, and then DavMail will convert our email client's requests into the MicroSpeak (tm) that Exchange understands.
First, you'll need to install DavMail. For Ubuntu-based systems it's as simple as,
sudo apt-get install davmail
If DavMail is not in your distribution's repositories, you can download it directly from their site. It's a Java program, so you'll need that installed to use it too.
DavMail has a graphical interface for configuration, but I find writing a configuration file to be more convenient. If you want to go the graphical route, check out the official DavMail documentation. Otherwise, stick around and I'll run through the process of writing a configuration file.
DavMail accepts the pathname of a configuration file as an argument, so to keep things organized, I like to place my DavMail configuration file in
~/.confg/davmail/davmail.properties
and then execute DavMail using,
davmail "$HOME/.config/davmail/davmail.properties"
As far as the configuration file itself, here's what I use,
# Disallow access to the davmail server from remote hosts (i.e., other# computers on the network)davmail.allowRemote=false# Don't use SSL--more on this belowdavmail.ssl.nosecurecaldav=falsedavmail.ssl.nosecureimap=falsedavmail.ssl.nosecureldap=falsedavmail.ssl.nosecuresmtp=false# Ports to run the different services on. You'll need these to connect# your clients. If you have several Exchange accounts, each one will need# to run on different portsdavmail.caldavPort=5000davmail.imapPort=5001davmail.ldapPort=5002davmail.smtpPort=5003# Connection details for your exchange account. Odds are good that the# url listed here will work for you. If not, see if your University# or employer has any details on the correct host URL to connect to# their email services with.davmail.url=https://outlook.office365.com/EWS/Exchange.asmx# Run davmail in server modedavmail.server=truedavmail.enableKeepAlive=true# (Update 2022) Enable manual authentication. See the update below# for detailsdavmail.mode=O365Manual
This is a minimum viable configuration file, but DavMail has a large number of other configuration options. If you find something isn't working, read over the documentation for more details on the options that are available.
This DavMail configuration does not use SSL, which means that clients connecting to the DavMail server will not use encryption. This does not mean that the connection to the Exchange server is not encrypted. It is only the connection between the email client and the DavMail server that are in the clear.
Because none of the unencrypted traffic hits the network, running SSL over this connection isn't strictly necessary. However, if you want to allow external connections to your DavMail server (maybe run one instance of it on your network for all your devices to connect to, etc.), or if you want to enable SSL out of an abundance of caution, you can check out the documentation for setting up SSL.
Once the configuration file is ready, run the server. For testing purposes, it's easiest to run DavMail directly in a terminal,
davmail ~/.config/davmail/davmail.properties
You should see some basic diagnostic information displayed in the terminal. The server is now running, so next we need to connect to it with an email client of your choice. Leave the terminal running DavMail open. If you close it, you'll shut down the server and be unable to connect to it.
Configuring your email client is done the same way as setting up any other IMAP/SMTP account, except that you should use localhost or 127.0.0.1 for the IMAP and SMTP URLs, and use the ports [2] specified in the configuration file (5001 for IMAP and 5003 for SMTP in the example here). Use your full email address as your username, and do not select any options for encryption in your email client, unless you've configured DavMail for SSL.
During the initial connection, you will need to manually authenticate with Microsoft and deal with any associated 2FA (this is the O365Manual option from the configuration file at work). When your email client attempts its first connection, DavMail will write a URL to its terminal output. Copy and paste this into a browser, and you will be directed to a Microsoft sign on page.
Once you log in (or immediately, if your browser is already signed into Microsoft), you will see a blank white page. Copy the URL of this page from the browser into the DavMail terminal and hit enter. Don't worry if DavMail has written more text to the terminal after the prompt--it will still work. By now, your email client's connection attempt has likely timed out, so try it again. It should connect without issue the second time.
DavMail will cache the authentication in its configuration file, and this cached information will remain valid for a few weeks. When it expires, you'll need to repeat this process again. If your email sync randomly fails in the future, the odds are good that it has expired. Repeat this process again to get a fresh token.
For more details on this process, see this article.
Automatically running DavMail
It would be ideal if you didn't need to manually run DavMail and leave it open in a terminal in the background every time you wanted to access your email, so as a last step we should set up a system to keep DavMail running quietly in the background at all times.
The absolute simplest, manual way is to run,
nohup davmail &
This will run DavMail in the background (the &), and allow you to close the terminal without killing the server (the nohup). Then you can exit the terminal and go about your business. But it still requires manual intervention every time you sign into your computer.
Thankfully, there are ways to automatically run a command like this. Your desktop environment may have a way to configure startup jobs (like the Startup Applications Preferences window in Gnome), or you could create a systemd unit and then use systemd to automatically run/manage DavMail.
I run it on my Linux systems as a user unit in systemd, with the following service file,
[Unit] Description=Davmail Exchange Gateway [Service] Type=simple ExecStart=/usr/bin/davmail %h/.config/davmail/davmail.properties Restart=always RestartSec=60 [Install] WantedBy=default.target
Place this file under ~/.config/systemd/user/davmail.service.
You can then configure davmail to automatically run when you sign in
using,
systemctl user enable davmail
You can also manually start and stop it using,
respectively. You'll need to run the start command immediately after you enable it for the first time. Now, DavMail should perpetually run in the background when you are signed in.systemctl user start davmailsystemctl user stop davmail
Conclusion
Microsoft does not make accessing its email services from desktop clients easy, but it is certainly possible. I've been using the DavMail setup described in this article to access Microsoft email from both Linux and BSD systems for several years now, and it's been very reliable. It is annoying that such workarounds are necessary, but I'm certainly happy that they exist!